Skip to content

05 - Taikun Ingress - CertManager

For production environments, we naturally want to use a custom domain and HTTPS. There are multiple ways your organization might handle certificates. In this example, we will use Cert Manager, an industry-standard tool for automated certificate management in Kubernetes.

DNS Configuration

DNS setup depends on your domain registrar.

For demonstration purposes, we will use sslip.io – a wildcard DNS service that resolves anything like app.x.x.x.x.sslip.io to IP x.x.x.x. It is perfect for testing and demos.

Note

In a production environment, update your DNS records to point your domain to the Bastion IP address.

chart

How it works

Lab Excercise:

1. Deploy a Kubernetes Cluster

  • Use Taikun CloudWorks to deploy a new Kubernetes Cluster.
  • OR use existing cluster.

2. Deploy Cert Manager

  • Use the Taikun Managed Catalog App and find cert-manager.
  • Enable crds.enabled

cert-manager

cert-manager

3. Create a self signed Cluster Issuer

  • The ClusterIssuer resource tells Cert Manager how to obtain certificates.
  • For this example, we’ll use a simple self-signed ClusterIssuer for sslip.io. Here’s where you’d use Let’s Encrypt with DNS or HTTP validation (likely via Automated Certificate Management Environment - ACME) for real domains.
apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
  name: selfsigned-issuer
spec:
  selfSigned: {}

Tip

Apply the yaml file same like in first guide

4. Deploy WordPress Application

  • Use the Taikun Managed Catalog App to deploy the WordPress application. Don't forget to enable Extra Values in common settings.
  • Make sure to enable Taikun Ingress in the app parameters.
  • This will automatically create an Ingress resource to expose the application to the internet.

wp parameters

Parameters for WordPress

  • In the extra parameter section of the WordPress Deployment form, add the following annotation to instruct Cert Manager to issue a certificate:
ingress:
  annotations:
    cert-manager.io/cluster-issuer: "selfsigned-issuer"
  • This tells Cert Manager to use the self-signed ClusterIssuer for issuing the TLS certificate.

wp extra values

Extra Values for WordPress

5. Verify HTTPS and Domain Access

  • Once the application is deployed, Cert Manager will generate a self-signed TLS certificate.
  • The WordPress application will be accessible via the domain with HTTPS.
  • Verify that the site loads correctly and the connection is secured with a valid (self-signed) certificate.

https wp

HTTPS WordPress